Google reportedly hosted a “malware” app on its Google Play store that stole users’ cryptocurrency, leading tech site Ars Technica to claim the company “can’t be trusted to proactively keep malware out of Play.”
According to Ars Technica, the “clipper” malware app “masqueraded as a legitimate cryptocurrency app,” and “worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers.”
“As a result, people who intended to use the app to transfer digital coins into a wallet of their choosing would instead deposit the funds into a wallet belonging to the attackers,” Ars Technica reported, adding that the malware “impersonated a service called MetaMask” on the Google Play store.
ESET researcher Lukas Stefanko, who flagged the app, explained in a blog post, “This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in shady Android app stores in the summer of 2018. In February 2019, we discovered a malicious clipper on Google Play, the official Android app store.”
“Although relatively new, cryptocurrency stealers that rely on altering the clipboard’s content can be considered established malware. ESET researchers even discovered one hosted on download.cnet.com, one of the most popular software-hosting sites in the world,” Stefanko proclaimed. “In August 2018, the first Android clipper was discovered being sold on underground hacking forums and since then, this malware has been detected in several shady app stores.”
The app was reportedly discovered this month, and Google has since removed it. However, Ars Technica claimed the incident “is yet more evidence that Google can’t be trusted to proactively keep malware out of Play.”
Last week, the company was criticized for hosting a Saudi Arabian app which allows men to track women’s movements and “stop them leaving the country,” and Google currently hosts an app which allows Muslim Indonesians to report incidents of religious heresy to the government.